Your installer sucks, and your AV tests fail too..
So I've had to deal with a little outbreak recently, and it was quite a doozy. Evidently, your installer uses a secure tunnel to transfer files into my network - thus bypassing my *very* expensive (FireEye) infrastructure that scans downloads for malware and such, and then when combined with the fact that you permitted my co-workers to download an infected port of WinSCP, well, that just makes my day.
My Palo Alto's detected the command and control signals coming out of the infected users, however, if it wasn't for my other network gear (classified and more expensive than FireEye), then I wouldn't have been able to identify the infection vector.
You REALLY need to not use encrypted channels when they're not necessary, and frankly, in this day and age, adding an installer just complicates things even more. Why do companies seek to add their own "flavor" to what is a PERFECTLY GOOD Microsoft download experience? I mean, really, do you think that your 2 or 3 coders can make better decisions on what an acceptable download experience is than the team of 100 at Microsoft who poured over the original IE download code? What about Google's folks? Chrome handles this stuff perfectly and predictably.
I FEAR for the engineer who has to support his parents over the phone when he finds that his parents used a CNET download and have to remove toolbars and other bloatware from their relatives systems. Please stop trying to make things better by controlling them more - you're not, and what's more, you're making the world a less-safe place by doing it.
Was this reply helpful? (1) (0)